\documentclass{article}
\usepackage{ulem}
\usepackage{graphicx}
\usepackage{hyperref}
\pagestyle{headings}
\begin{document}
\part{Running Horde on nginx}
\href{http://nginx.org}{nginx} is a high-performance web server. Unlike Apache and lighttpd, nginx needs an external helper to execute PHP scripts.

nginx uses the concept of include directories. You may find a file \texttt{/etc/nginx/nginx.conf} containing a statement

\begin{verbatim}
http {
    include                             conf.d/*;
    include                             sites-enabled/*;
}
\end{verbatim}
That means any file in \texttt{/etc/nginx/sites-enabled/} will be used as a config file, too.
So I put my configuration in \texttt{/etc/nginx/sites-enabled/horde.example.org}.

\begin{verbatim}
server {
    # assume correct DNS settings
    # - horde.example.org = 192.0.2.1 and 2001:db8::1
    # - 1.2.0.192.in-addr.arpa. = horde.example.org
    # - 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa = horde.example.org
    listen                              192.0.2.1:443 ssl spdy;
    listen                              [2001:db8::1]:443 ssl spdy;
    server_name                         horde.example.org;

    # minimum ssl stuff
    ssl_certificate                     /etc/ssl/horde.example.org/cert+intermediate.pem;
    ssl_certificate_key                 /etc/ssl/horde.example.org/key.pem;

    # optional: see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    add_header                          strict-transport-security "max-age=31536000";
    add_header                          x-frame-options           "sameorigin";
    add_header                          x-xss-protection          "1; mode=block";
    add_header                          x-content-type-options    "nosniff";

    root                                /path/to/horde/;
    index                               index.php;

    client_max_body_size 8m; # allow bigger attachments, default is 1m

    location / {

        # Ruud Baart
        # support for activesync
        # works for me with Outlook 2013 and Android 5.0.1 but not good enough!
        # needs modification
        location /Microsoft-Server-ActiveSync {
            alias /path/to/horde/rpc.php;
            fastcgi_split_path_info     ^(.+\.php)(/.+)$;
            fastcgi_pass                unix:/var/run/phpcgi/socket;
            include                     /etc/nginx/fastcgi.conf;
            fastcgi_intercept_errors    on;
            fastcgi_read_timeout        640;
        }
        location /autodiscover/autodiscover.xml {
            alias /path/to/horde/rpc.php;
            fastcgi_split_path_info     ^(.+\.php)(/.+)$;
            fastcgi_pass                unix:/var/run/phpcgi/socket;
            include                     /etc/nginx/fastcgi.conf;
        }
        location /Autodiscover/Autodiscover.xml {
            alias /path/to/horde/rpc.php;
            fastcgi_split_path_info     ^(.+\.php)(/.+)$;
            fastcgi_pass                unix:/var/run/phpcgi/socket;
            include                     /etc/nginx/fastcgi.conf;
        }
        location /.well-known/caldav {
            alias /path/to/horde/rpc.php;
            fastcgi_split_path_info     ^(.+\.php)(/.+)$;
            fastcgi_pass                unix:/var/run/phpcgi/socket;
            include                     /etc/nginx/fastcgi.conf;
        }
        location /.well-known/carddav {
            alias /path/to/horde/rpc.php;
            fastcgi_split_path_info     ^(.+\.php)(/.+)$;
            fastcgi_pass                unix:/var/run/phpcgi/socket;
            include                     /etc/nginx/fastcgi.conf;
        }

        location ^~ /static/ {
            expires                     4w;
            add_header                  Cache-Control public;
        }

        location ^~ /themes/ {
            expires                     4w;
            add_header                  Cache-Control public;
        }

        location ^~ /services/ajax.php {
            fastcgi_split_path_info     ^(.+\.php)(/.+)$;
            fastcgi_pass                unix:/var/run/phpcgi/socket;
            include                     /etc/nginx/fastcgi.conf;
        }

        location ^~ /wicked/ {
            if (!-f $request_filename) {
                rewrite ^/wicked/(.+)$ /wicked/display.php?page=$1&$query_string last;
                break;
            }
        }

        location ~ \.php {
            fastcgi_pass                unix:/var/run/phpcgi/socket;
            include                     /etc/nginx/fastcgi.conf;
        }

        try_files                       $uri $uri/ /rampage.php?$args;

    }
}
\end{verbatim}
The file \texttt{/etc/nginx/fastcgi.conf} is included in default nginx installations.
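
The \texttt{add\_header Cache-Control} lines in the \texttt{/static/} and \texttt{/themes/} locations above replace the headers inherited from the server level, because nginx inherits \texttt{add\_header} only into levels that define none of their own, so those responses are sent without the security headers. The following added example (not part of the original page) is a small Python check that reports such blocks; the simplified tokenizer, the function names \texttt{parse} and \texttt{dropped\_headers} and the constructed sample config are assumptions of this example.

```python
import re

# Constructed sample mirroring the page: headers at server level, nested static location.
SAMPLE = r'''
server {
    add_header strict-transport-security "max-age=31536000";
    add_header x-frame-options           "sameorigin";
    location / {
        location ^~ /static/ {
            expires 4w;
            add_header Cache-Control public;
        }
    }
}
'''

# Simplified tokenizer (assumption): quoted strings, comments, { } ; and bare words.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#[^\n]*|[{};]|[^\s{};"']+''')

def parse(conf):
    """Build a tree of blocks, recording the add_header names set in each."""
    root = {'name': '', 'headers': set(), 'children': []}
    stack, words = [root], []
    for tok in (t for t in TOKEN.findall(conf) if not t.startswith('#')):
        if tok == ';':
            if len(words) >= 3 and words[0] == 'add_header':
                stack[-1]['headers'].add(words[1].strip('"\'').lower())
            words = []
        elif tok == '{':
            node = {'name': ' '.join(words), 'headers': set(), 'children': []}
            stack[-1]['children'].append(node)
            stack.append(node)
            words = []
        elif tok == '}':
            stack.pop()
        else:
            words.append(tok)
    return root

def dropped_headers(node, inherited=frozenset(), path=''):
    """Map each block path to the inherited headers its own add_header drops."""
    here = ' > '.join(p for p in (path, node['name']) if p)
    own = node['headers']
    found = {here: sorted(inherited - own)} if own and inherited - own else {}
    for child in node['children']:
        found.update(dropped_headers(child, frozenset(own or inherited), here))
    return found

if __name__ == '__main__':
    print(dropped_headers(parse(SAMPLE)))
```

Repeating the server-level \texttt{add\_header} lines inside each location that sets a header of its own makes the report empty.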

The socket \texttt{/var/run/phpcgi/socket} is created by a separate PHP process. The name of the
socket can differ between Linux/Unix distributions. For instance, Debian uses \texttt{/var/run/php5-fpm.sock}.
The important thing: nginx must have write access to the socket. So it's best to run nginx and PHP with the same uid.

I like to run such processes supervised, i.e. not forking into the background, with a script like this:

\begin{verbatim}
#!/bin/sh

# detach stdin and merge stderr into stdout
exec < /dev/null
exec 2>&1

# still root now
# create the directory for the socket to allow the non-root user to create the socket
install -d -o www-run -g root -m 0700 /var/run/phpcgi/
rm -f /var/run/phpcgi/socket

cd /empty
# clear the environment, switch to www-run and stay in the foreground
exec env - setuidgid www-run /usr/bin/php5-cgi --bindpath /var/run/phpcgi/socket --no-chdir
\end{verbatim}
\texttt{setuidgid} belongs to a toolchain from djb. \href{http://cr.yp.to/daemontools/setuidgid.html}{It simply switches to the given uid}.

\textbf{ATTENTION: this is the first configuration published here. It works but is assumed to need optimization.}

\end{document}
